Why you need it: - Protect sensitive customer data - Meet PCI compliance requirements. CWAF supports ModSecurity rules, providing advanced filtering, security and intrusion protection. Hoping to find a common factor with others that leads to a fix.ĬloudLinux 6.8 / Apache 2.4.25 / EA3 / cPanel 11.62.0. Comodo Web Application Firewall (CWAF) provides powerful, real-time protection for web applications and websites running on Apache, LiteSpeed and Nginx on Linux. =0"] Īlso tried stopping this by disabling / whitelisting rule ID 217220 in ConfigServer Modsec Control globally, but no luck. Sec_vendor_configs/comodo_apache/12_HTTP_nf"] [data "REQUEST_HEADERS Operator EQ matched 0 at REQUEST_HEADERS. The ONLY thing that works is going into ConfigServer CMC and then going to each individual user's account ModSec whitelist, and disabling 217250 for each account one by one.ĪLSO starting at 3:30am EST right after upcp / updates, this started and has been no-stop: Then I thought "Well, at least I can use ConfigServer CMC to globally disable / whitelist rule ID 217250" ModSecurity: Access denied with code 403 (phase 2). Update and remove YUM packages from the CWP dashboard. Different PHP versions for each website with PHP-FCGI and PHP-FPM. So I checked the error logs and saw a lot of this for each user who was getting 403'd at their admin areas: The latest OWASP and Comodo WAF rulesets for ModSecurity with automatic updates. Starting at 3:30am EST (right after upcp / updates), a bunch of my customers can't log in to their PHP cms's (WordPress and others).
0 kommentar(er)
